scd

The now used /var/run thingy solves all these problems nicely. In fact we may eventually remove the use fallback of using sockets in the GNUPGHOMEDIR.

T4702 is our release info task for 2.3.0

@gniibe Hi! Can you estimate, when this feature will be released?
I have not found this patch in the latest GnuPG release tags (in the Git repository) either by the name or the commit hash.

Lowered priority because in reality it is not possible to get a certificate for an arbitrary SigG key on the card. Only accredited CAs may issue certs and they want to keep full control over the key generation.

do_sign() calls find_fid_by_keyref() which does a switch_application(). So, I think the SigG application should already be active. But, yes, please have a look at it.

We need to switch to the SigG application. Shall I look at it?

It seems you have a pretty good understanding and also test cases at hand. May I ask you to apply the suggested pacthes to master?

Already have set another, thanks gnibe! See ya!

Please change your passphrase for your card, BTW.

Good. The error recovery worked well.

$ gpg --card-status
$ gpgconf --kill scdaemon
$ git fetch << (Used my PIN, I have reverted to my previous code other day, is not anymore 123456)

2.2.26-scd.log54 KB

Yes, that worked. Thanks for the tip and sorry for the noise ;-)

I think that ... For some reason, your private key file under .gnupg/private-keys-v1.d has wrong serial number.

Thank you for your testing.
May I ask more test, please?

Hi, I have applied both patch and appears Yubikey is now working correct. I have uploaded the log here.

Yes, makes sense. Although, you should use datalen = indatalen; in the last line (to prevent typos in the numbers).

IIUC, for completeness, it would be good to add the lines like:

In T5167#140229, @gbschenkel wrote:

Nice, I gonna apply the patch and see if resolves for me!

Nice, I gonna apply the patch and see if resolves for me!

Reading the code again, I think that some configuration of NKS card doesn't work well, when it has no certificates but keys (e.g. IDLM config).
I'm going to fix do_readkey as well (the approach #1).

In T5150#140039, @gniibe wrote:

With little (mostly no) knowledge of NKS card, I think I fixed this issue.

With my Yubikey NEO, when I use OTP (touching the button to generate OTP output as key input), I observed "card eject" event:

2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: interrupt callback 0 (2)
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: NotifySlotChange: 02
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: card removed
2020-12-10 11:23:05 scdaemon[7254] DBG: enter: apdu_get_status: slot=0 hang=0
2020-12-10 11:23:05 scdaemon[7254] DBG: leave: apdu_get_status => sw=0x1000c status=0
2020-12-10 11:23:05 scdaemon[7254] DBG: Removal of a card: 0

scdProject
ActivePublic
Watch Project

Members (1)
View All

Watchers
View All

Recent Activity
View All

Sat, Feb 13

Wed, Feb 10

Jan 28 2021

Jan 27 2021

Jan 26 2021

Jan 11 2021

Jan 8 2021

Jan 7 2021

Jan 6 2021

Jan 5 2021

Dec 25 2020

Dec 23 2020

Dec 22 2020

Dec 21 2020

Dec 20 2020

Dec 18 2020

Dec 17 2020

Dec 16 2020

Dec 11 2020

Dec 10 2020

scdProjectActivePublicWatch Project

Members (1)View All

WatchersView All

Recent ActivityView All